Hacks of the Month —November
These are the hacks and attacks that happened during last month. A short recap and rundown of what you might have missed in regards to consumer personal data exposed. Hacks of the Month —November!
November timeline:
Week 1 (Nov. 1st -10th):
On Nov. 2nd Radisson rewards members personal information has been compromised from the breach on September 11th. Names, physical addresses, email addresses, company names, telephone numbers, and reward numbers were all exposed
Week 2 ( Nov. 11th -17th)
Google & Target’s Official Twitters Hacked
Nov. 15th Official Google and Target Twitter accounts hacked in bitcoin scam. Managing to compromise Google’s G Suite account claiming that G Suite was now accepting cryptocurrency payments in an effort to promote the crypto currency. A similar attack happen on Targets big box store Twitter account.
Week 3: (Nov. 18th – 24th):
Nov. 18th The company notified affected users of a security bug that resides in a new feature called “Download Your Data” that allows users to download a copy of their data shared on the social media platform, including photos, comments, posts and other information they have shared on the platform. The issue was “discovered internally and affected a very small number of people” according to a spokesperson for the company.
Amazon customers emails leaked
Did you get an email from Amazon on Nov. 21st? A few customers reported and asked on social media, Twitter, if the email sent to them was a fake one. The leak mentions only names and email addresses were disclosed “due to a technical error” but Amazon refused to comment further. The big concern here is the brevity of the emails from Amazon other than to say the issue was fixed and not related to a breach.
Week 4: (Nov. 25th – 30th):
60 million names, home addresses, phone numbers, emails, and were exposed over a year ago. We are now (Nov. 23rd) hearing about it during the holidays, the new USPS service called InformedDelivery allows users to view their mail before it arrives. According to Brian Krebs from Krebs on Security, identity thieves are using the service to see what mail is arriving at users homes on what days. This would allow them to target checks and important documents containing personal information.
Dunkin’ Donuts customer data hacked
On Oct. 31st attackers gained accessed to customers’ DD Perks and Dunkin’ Donuts rewards account information. The company said that it believes the hacker obtained usernames and passwords from other companies —third parties. Gaining information access, they used it to log into some Dunkin’ DD Perks accounts. The company also forced a password reset for all potentially impacted DD Perks account holders to log out and back in using new password.
